Before Stratfor

Sign up for our newsletter:

Before Stratfor

Jeremy’s Background

Jeremy Hammond is a 30-year-old activist, anarchist and computer programmer. He was attracted to computers early on and won a high school competition for his coding. Opposition to the Iraq War motivated Jeremy to get involved in activism — on the day of the invasion, he organised a school walkout. After graduating, he founded HackthisSite.org to train fellow programmers in various hacking methods and security measures.

Anonymous and LulzSec

In autumn 2010, activists operating under the name of online collective Anonymous launched Operation Payback, a series of Distributed Denial of Service (DDoS) attacks against the websites of corporations and organisations who were themselves engaged in attacks on file-sharing sites. In December 2010, several major banking companies blocked donations to WikiLeaks, which had just started publishing US State Department cables in coordination with an international network of media organisations – and Operation Payback switched focus. DDoS attacks were initiated against organisations including MasterCard, Visa and PayPal. Fourteen defendants (the PayPal 14) were later arrested and charged under the Computer Fraud and Abuse Act for their part in these attacks.

Operation Payback arguably marked a turning point in the mainstream visibility of online activism. It also exemplified a changing focus among hacktivists themselves – whereas the concerns of previous campaigns had centred on the copyright lobby and their attempts to restrict the availability of information online, Operation Payback signaled a shift towards the operations of private security companies who, it emerged, also saw Anonymous as a potentially profitable target. In January 2011, Aaron Barr, the CEO of US security company HB Gary Federal told the Financial Times that he had developed techniques to identify members of Anonymous. This was widely interpreted as an attempt to make money while putting people in legal jeopardy and, in early February 2011, online activists compromised HB Gary’s servers and copied tens of thousands of corporate emails.

Among the documents seized in the attack was a proposal produced by HB Gary Federal and a group of security companies (including Berico Technologies and Palantir) calling themselves “Team Themis” for US law firm Hunter and Williams, acting on behalf of Bank of America. The proposal discussed ways of targeting WikiLeaks’ systems and support network, including “actions to sabotage or discredit” sympathetic journalists. Another Team Themis proposal for the US Chamber of Commerce proposed an attack on US think tank, the Center for American Progress. Publication of the full cache of more than 70,000 HB Gary emails in March 2011 (now only available here) inspired a series of crowdsourced analyses of the US private security industry, including the Project PM wiki founded by Barrett Brown.

In the summer of 2011, the Anonymous offshoot LulzSec, which included several of the individuals involved in the HB Gary operation, gained unprecedented notoriety for its “50 Days of Lulz.” During that time, members of LulzSec attacked and defaced the websites of media organisations, including Fox News and PBS, corporations, and government websites including senate.gov and CIA.gov. LulzSec claimed that its actions were apolitical, though its affiliated members attacked PBS after it ran a profile of WikiLeaks that maligned US Army whistleblower Chelsea Manning. The aliases of several LulzSec members became well-known through their Twitter accounts and the collective gained unprecedented media attention before it formally disbanded on 25 June 2011.

An informant inside Anonymous

The case against Jeremy Hammond, and those against others associated with Anonymous, relied heavily on the cooperation of FBI informant Hector Xavier Monsegur, also known as Sabu.

Monsegur, one of the most prominent members of Lulzsec, was arrested on 7 June 2011, but the fact of his arrest was to stay secret for the next eight months while he assisted the FBI. At Monsegur’s first court hearing, Assistant US Attorney James Pastore told the presiding Judge Loretta Preska, “Since literally the day he was arrested, the defendant has been cooperating with the government proactively.”

While continuing to masquerade as a member of Anonymous, Monsegur ultimately led the authorities to arrest several other hacktivists associated with Lulzsec and Anonymous, including Jeremy Hammond. What prosecutors called Monsegur’s “truly extraordinary” cooperation with the FBI included encouraging followers of his Twitter feed to participate in a new AntiSec campaign and engaging in what, in hindsight, looks like entrapment, as well as betraying former comrades while instigating many of the attacks they would later be charged with.

The full list of attacks instigated and coordinated by Monsegur under the eye of the FBI is still sealed by court order but appears to have included the websites of several foreign governments. In a statement released ahead of Hector Monsegur’s sentencing (he received time served), Jeremy Hammond questioned the motivation of many of these attacks:

It is widely known that Sabu was used to build cases against a number of hackers, including myself. What many do not know is that Sabu was also used by his handlers to facilitate the hacking of targets of the government’s choosing – including numerous websites belonging to foreign governments. What the United States could not accomplish legally, it used Sabu, and by extension, me and my co-defendants, to accomplish illegally. The questions that should be asked today go way beyond what an appropriate sentence for Sabu might be: Why was the United States using us to infiltrate the private networks of foreign governments? What are they doing with the information we stole? And will anyone in our government ever be held accountable for these crimes?

Operation Anti-Security

On 19 June 2011, while working with the FBI, Hector Monsegur announced the launch of Operation Anti-Security (AntiSec). Breaking with the ‘non-political’ philosophy of LulzSec, the Operation Anti-Security manifesto encouraged activists “to open fire on any government or agency that crosses their path… Prime targets are banks and other high-ranking establishments.”

On 23 June 2011, AntiSec released a set of documents taken from the Arizona Department of Public Safety (“Chinga la Migra”), followed by two further installments later that month. Accompanying statements stated that the organisation had been targeted in response to anti-immigration legislation.

In early December 2011, the servers of Strategic Forecasting (Stratfor), a private intelligence firm based in Texas, were compromised. The breach became public on 24 December, when Stratfor’s servers and backups were wiped and the company was forced to alert its subscribers. In the intervening three weeks, seized material included email distribution lists, subscriber information and company emails stretching back to 2004.

That the authorities had allowed Stratfor’s corporate and customer data to remain compromised for weeks did not escape comment. In a blog post on 11 January, Stratfor Chairman George Friedman confirmed that the company had been alerted to customer details being compromised but had agreed to “cooperate” with the FBI by not alerting anyone. This delay was later the subject of a class-action lawsuit brought by Stratfor customers. In a settlement, Stratfor agreed to compensate customers to the value of $1.75 million in free subscriptions.

In the ensuing indictment against Jeremy Hammond, FBI agents claimed to have first heard about the attack on 6 December in an online chat between Hector Monsegur and Jeremy Hammond. Subsequently published information has cast doubt on this timeline.

I had never even heard of Stratfor until Sabu brought it to my attention. Sabu was encouraging people to invade systems, and helping to strategise and facilitate attacks. He even provided me with vulnerabilities of targets passed on by other hackers, so it came as a great surprise when I learned that Sabu had been working with the FBI the entire time.

On December 4, 2011, Sabu was approached by another hacker who had already broken into Stratfor’s credit card database. Sabu, under the watchful eye of his government handlers, then brought the hack to Antisec by inviting this hacker to our private chatroom, where he supplied download links to the full credit card database as well as the initial vulnerability access point to Stratfor’s systems.

Documents released in the wake of Monsegur’s own sentencing in 2014 support Jeremy’s contention. ‘Hyrriiya’, who alerted Monsegur to the Stratfor vulnerability, even submitted a letter as confirmation for Jeremy’s defence team. As with the attacks on foreign websites instigated by Monsegur, given the degree of supervision he was subject to, the FBI’s claim that it was not aware of the exploitation of Stratfor’s vulnerabilities before Jeremy Hammond was involved is not credible.